CVE-2026-8431

HIGH CVSS 7.2 View on NVD ↗

Description

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-8.0.23

Published: May 12, 2026 19:16 UTC Modified: May 13, 2026 15:34 UTC